Fortinet black logo

CLI Reference

system ha-monitor

system ha-monitor

If the FortiGates in acluster have VLAN interfaces, you can use this command to monitor all VLAN interfaces and write a log message if one of the VLAN interfaces is found to be down. Once configured, this feature works by verifying that the primary unit can connect to the subordinate unit over each VLAN. This verifies that the switch that the VLAN interfaces are connected to is configured correctly for each VLAN. If the primary unit cannot connect to the subordinate unit over one of the configured VLANs the primary unit writes a link monitor log message indicating that the named VLAN went down (log message id 20099).

config system ha-monitor
    set monitor-vlan {enable | disable}   Enable/disable monitor VLAN interfaces.
    set vlan-hb-interval {integer}   Configure heartbeat interval (seconds). range[1-30]
    set vlan-hb-lost-threshold {integer}   VLAN lost heartbeat threshold (1 - 60). range[1-60]
end

Additional information

The following section is for those options that require additional explanation.

monitor-vlan {enable | disable}

Enable monitor VLANs. Disabled by default

vlan-hb-interval <integer>

The time between sending VLAN heartbeat packets over the VLAN. The VLAN heartbeat range is 1 to 30 seconds. The default is 5 seconds.

vlan-hb-lost-threshold <integer>

The number of consecutive VLAN heartbeat packets that are not successfully received across the VLAN before assuming that the VLAN is down. The default value is 3, meaning that if 3 heartbeat packets sent over the VLAN are not received then the VLAN is considered to be down. The range is 1 to 60 packets. A VLAN heartbeat interval of 5 means the time between heartbeat packets is five seconds. A VLAN heartbeat threshold of 3 means it takes 5 x 3 = 15 seconds to detect that a VLAN is down.

system ha-monitor

If the FortiGates in acluster have VLAN interfaces, you can use this command to monitor all VLAN interfaces and write a log message if one of the VLAN interfaces is found to be down. Once configured, this feature works by verifying that the primary unit can connect to the subordinate unit over each VLAN. This verifies that the switch that the VLAN interfaces are connected to is configured correctly for each VLAN. If the primary unit cannot connect to the subordinate unit over one of the configured VLANs the primary unit writes a link monitor log message indicating that the named VLAN went down (log message id 20099).

config system ha-monitor
    set monitor-vlan {enable | disable}   Enable/disable monitor VLAN interfaces.
    set vlan-hb-interval {integer}   Configure heartbeat interval (seconds). range[1-30]
    set vlan-hb-lost-threshold {integer}   VLAN lost heartbeat threshold (1 - 60). range[1-60]
end

Additional information

The following section is for those options that require additional explanation.

monitor-vlan {enable | disable}

Enable monitor VLANs. Disabled by default

vlan-hb-interval <integer>

The time between sending VLAN heartbeat packets over the VLAN. The VLAN heartbeat range is 1 to 30 seconds. The default is 5 seconds.

vlan-hb-lost-threshold <integer>

The number of consecutive VLAN heartbeat packets that are not successfully received across the VLAN before assuming that the VLAN is down. The default value is 3, meaning that if 3 heartbeat packets sent over the VLAN are not received then the VLAN is considered to be down. The range is 1 to 60 packets. A VLAN heartbeat interval of 5 means the time between heartbeat packets is five seconds. A VLAN heartbeat threshold of 3 means it takes 5 x 3 = 15 seconds to detect that a VLAN is down.